[main]
; Kerberos Auth
principal   = {{ koji_gc_principal }}
keytab      = {{ koji_gc_keytab }}
krb_rdns    = False
key_aliases =
    6D745A60    signing
    BBE2C108    testing-signing

unprotected_keys =
    testing-signing

server = {{ koji_hub_url }}
weburl = {{ koji_web_url }}

# We don't know what we're doing with SSL CA's yet
serverca = {{ koji_web_cacert }}

# The domain name that will be appended to Koji usernames
# when creating email notifications
#email_domain = fedoraproject.org

# SMTP user and pass (uncomment and fill in if your smtp server requires authentication)
#smtp_user=user@example.com
#smtp_pass=CHANGEME

[prune]
policy =
    #stuff to protect
    #note that tags with master lock engaged are already protected
    tag *-updates :: keep
    age < 1 day :: skip

    #stuff to chuck semi-rapidly
    tag *-testing *-candidate :: {  # nested rules
        order >= 2 :: untag
        order > 0 && age > 6 weeks :: untag
    }  #closing braces must be on a line by themselves (modulo comments/whitespace)
    tag *-candidate && age > 60 weeks :: untag

    #default: keep the last 3
    order > 2 :: untag
